Get some machine code, for instance with otool -t /bin/ls | head
$ otool -t /bin/ls | head
/bin/ls:
(__TEXT,__text) section
0000000100001478 6a 00 48 89 e5 48 83 e4 f0 48 8b 7d 08 48 8d 75
0000000100001488 10 89 fa 83 c2 01 c1 e2 03 48 01 f2 48 89 d1 eb
0000000100001498 04 48 83 c1 08 48 83 39 00 75 f6 48 83 c1 08 e8
00000001000014a8 58 0f 00 00 89 c7 e8 1b 39 00 00 f4 55 48 89 e5
00000001000014b8 48 8d 47 68 48 8d 7e 68 48 89 c6 c9 e9 01 3a 00
00000001000014c8 00 55 48 89 e5 48 83 c6 68 48 83 c7 68 c9 e9 ef
00000001000014d8 39 00 00 55 48 89 e5 53 48 89 f1 48 8b 56 60 48
00000001000014e8 8b 47 60 48 8b 58 30 48 39 5a 30 7f 1d 7c 22 48
Get pymsasid from http://code.google.com/p/pymsasid/
$ wget http://pymsasid.googlecode.com/files/pymsasid-0.31.zip
$ unzip pymsasid-0.31.zip
$ cd pymsasid-0.3
Run it
$ python
import pymsasid
code = "6a 00 48 89 e5 48 83 e4 f0 48 8b 7d 08 48 8d 75 10"
p=pymsasid.Pymsasid(source=code,hook=pymsasid.HexstringHook,vendor=pymsasid.VENDOR_AMD)
p.dis_mode = 64
p.pc = 0x0000000100001478
for i in range(5): print p.decode()
This will print:
push 0x0
mov rbp rsp
and rsp 0xf0
mov rdi [rbp+0x8]
lea rsi [rbp+0x10]
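Instead of copying the bytes and the start address by hand, the otool dump can be parsed into the two values the session above needs (the hex string for `code` and the address for `p.pc`). This is an added example, not part of the original post or of pymsasid; the names `parse_otool_text` and `to_hexstring` are hypothetical, and it assumes the one-byte-per-column layout shown in the dump above.

```python
import re

# Constructed sample: the first lines of the otool -t output shown above.
SAMPLE = """\
/bin/ls:
(__TEXT,__text) section
0000000100001478 6a 00 48 89 e5 48 83 e4 f0 48 8b 7d 08 48 8d 75
0000000100001488 10 89 fa 83 c2 01 c1 e2 03 48 01 f2 48 89 d1 eb
0000000100001498 04 48 83 c1 08 48 83 39 00 75 f6 48 83 c1 08 e8
"""

# One dump row: a hex address, then space-separated two-digit hex bytes.
ROW = re.compile(r"^([0-9a-fA-F]{8,16})((?:\s+[0-9a-fA-F]{2})+)\s*$")


def parse_otool_text(dump):
    """Return (start_address, [byte, ...]) for one contiguous otool -t dump."""
    start = None
    data = []
    for line in dump.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # file name, section header, blank lines
        addr = int(m.group(1), 16)
        row = [int(b, 16) for b in m.group(2).split()]
        if start is None:
            start = addr
        elif addr != start + len(data):
            # A gap or overlap means the bytes no longer map to start + offset.
            raise ValueError("non-contiguous row at %#x" % addr)
        data.extend(row)
    if start is None:
        raise ValueError("no hex dump rows found")
    return start, data


def to_hexstring(data):
    """Format bytes as the space-separated hex string used for `code` above."""
    return " ".join("%02x" % b for b in data)


if __name__ == "__main__":
    pc, data = parse_otool_text(SAMPLE)
    print("pc   = %#x" % pc)
    print("code = %r" % to_hexstring(data[:17]))
```

The contiguity check matters because the disassembler derives every instruction address from `p.pc` plus the offset into the byte string, so a dropped row would silently shift all addresses after it.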